search

kubeovn / kube-ovn

A Bridge between SDN and Cloud Native (Project under CNCF)
https://kubeovn.github.io/docs/stable/en/
Apache License 2.0
1.87k stars 433 forks source link

Support admin network policy API #3247

Open tssurya opened 9 months ago

tssurya commented 9 months ago

Feature request

sig-network-policy-api working group has a new set of APIs for implementing admin network policies: https://network-policy-api.sigs.k8s.io/

Use case

This can be particularly useful:

  1. for creating cluster scoped policies that span across namespaces to set them up before the namespace is created
  2. policies that cluster admins can create that are non-overridable by the developer nework policies
oilbeater commented 9 months ago

@tssurya, thank you for providing this valuable information. The set of APIs you have shared appears to offer solutions to some of the challenges faced by our community. We will carefully consider incorporating it into our long-term roadmap.

tssurya commented 8 months ago

Thanks @oilbeater ! Also note that OVN added the "Hierarchical ACLs" feature to allow for ANP/NP/BANP APIs to exist, so that could be of great help to KubeOVN as well!

github-actions[bot] commented 6 months ago

Issues go stale after 60d of inactivity. Please comment or re-open the issue if you are still interested in getting this issue fixed.

github-actions[bot] commented 4 months ago

Issues go stale after 60d of inactivity. Please comment or re-open the issue if you are still interested in getting this issue fixed.

wfnuser commented 2 months ago

@oilbeater I'm interested in this one. I think it can help me to get started with the project. Can you assign it to me?

oilbeater commented 2 months ago

@wfnuser Thank you for expressing interest in contributing to Kube-OVN. Do you have a plan in mind for when to start and finish this feature? We are aiming to integrate this feature into Kube-OVN by August. Implementing this feature may be challenging and require significant effort. However, we are more than willing to assist you throughout the process. Please let us know if this timeline works for you.

wfnuser commented 2 months ago

@wfnuser Thank you for expressing interest in contributing to Kube-OVN. Do you have a plan in mind for when to start and finish this feature? We are aiming to integrate this feature into Kube-OVN by August. Implementing this feature may be challenging and require significant effort. However, we are more than willing to assist you throughout the process. Please let us know if this timeline works for you.

Yep. Recently I have already started to hack the source code and made some progress (mostly about the security group implementation). If the deadline is like August, I guess I will have enough time to tackle this issue. Let me try to get some more info about it, and make a plan for it. (Currently I'm quite new to k8s and the ecology. ) And if I found it truely is a huge challenge for me, I will let you know before next Thursday. And pick some other easier issues. Does it sound reasonable to you.

oilbeater commented 2 months ago

hi, @wfnuser how are things going now?

wfnuser commented 2 months ago

@oilbeater Sorry for the late reply. I have some food poisoning issue during the holiday. 😂 I acknowledge that it's a tough task for me, and I plan to tackle some smaller issues first. Please feel free to delegate it to someone else.